Facebook suffered a security breach that allowed hackers to access 50 million user accounts. Although the company responded to the breach swiftly, it faces a public relations nightmare that may further damage user trust.
Hackers exploited a software vulnerability that enabled them to steal Facebook access tokens, potentially enabling them to take over users’ accounts. Access tokens are like digital keys that keep people logged in to Facebook, so they don’t need to re-enter passwords to visit the platform. The vulnerability was found in the “View As” feature that allows people to see what their profile looks like to other users.
Facebook said its engineering team fixed the vulnerability, informed law enforcement, and reset access tokens of about 50 million accounts affected by the breach and another 40 million accounts as a precaution. It also temporarily turned off the “View As” feature while it investigates the problem. At this point, it doesn’t know who was behind the breach or if the accounts were misused.
“Sorry This Happened”
“People’s privacy and security is incredibly important, and we’re sorry this happened. It’s why we’ve taken immediate action to secure these accounts and let users know what happened,” stated Guy Rosen, Facebook vice president of Product Management.
Rosen said there’s no need for users to change their passwords. They can take the precautionary step of logging out of Facebook. They can visit the “Security and Login” section in settings to find devices that are logged into the network.
“We face constant attacks from people who want to take over accounts or steal information around the world,” wrote Facebook CEO Mark Zuckerberg in a post. “While I’m glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this from happening in the first place.”
Worse than the Cambridge Analytica Controversy
The breach is worse than the Cambridge Analytica controversy, tech experts say. “If the attackers had access for months, that’s a huge issue,” Casey Oppenheim, founder of the data security firm Disconnect, told Consumer Reports. “This is the keys to the kingdom right here. If they have access to your account, they can basically impersonate you online and have access to anything you do on Facebook.”
A government investigation, calls for increased regulation and lawsuits are likely. Two Facebook users, saying their personal data may have been stolen filed a lawsuit within hours and seek class action status, Bloomberg revealed.
PR crisis management experts credit Facebook for responding swiftly, unlike in the Cambridge Analytica scandal. “Facebook has finally learned from its mistakes in crisis communications,” Curtis Sparrer, co-founder and principal of Bospar, told O’Dwyer’s. “Instead of waiting months or years to disclose bad news to the public like they did in the past, Facebook did the right thing and alerted us now.”
Already Facing Headwinds
Still, the breach damages Facebook’s efforts to rebuild trust with users. Facebook has already been suffering from falling engagement and disillusioned users. The latest breach will likely cause more users to adjust privacy settings, visit the network less or delete the app.
Just over half of Facebook users ages 18 and older (54%) say they adjusted their privacy settings in the past 12 months, according to the Pew Research Center survey. Around four-in-ten (42%) say they stopped visiting the platform for a period of several weeks or more, and about a quarter (26%) say they deleted the Facebook app from their cellphone. About three-quarters of Facebook users say they have taken at least one of these three actions in the past year.
Pew reports that 44% of younger users (those ages 18 to 29) say they have deleted the Facebook app in the past year, nearly four times the share of users 65 and older. About half (51 percent) of U.S. teens ages 13 to 17 say they use Facebook, down from 71 percent in 2015, according to a recent Pew Research Center survey.
Facebook’s vaunted ability to gather user data for targeted advertising may suffer as users become more protective about their data. That could cause Facebook to become less attractive to advertisers.
Bottom Line: Facebook’s massive data breach may give the network a PR headache for months. While the company responded with transparency and speed, more users may abandon the platform. Legislators may renew calls for increased regulatory scrutiny and marketers may re-assess their Facebook marketing strategies.
William J. Comcowich founded and served as CEO of CyberAlert LLC, the predecessor of Glean.info. He is currently serving as Interim CEO and member of the Board of Directors. Glean.info provides customized media monitoring, media measurement and analytics solutions across all types of traditional and social media.